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DETAILED ACTION 
Response to Amendment 

1 . Claims 1-23 are currently pending in this application. # 



Claim Rejections - 35 USC §102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.©. 102 that form the. 
basis for the rejections under this section made in this Office action: 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 35 1(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 2 1 (2) of such treaty in the English language. £ 

3. Claims 1-9 and 13 are rejected under 35 U.S.C 102(e) as being anticipated by U.S. 
Patent Number 6,345,300 to Bakshi et aL 

4. As to claim 1 , Bakshi teaches a reverse proxy network communication scheme 
comprising: a proxy agent located inside a protected network addressable by £ least one internal 
network device, the proxy agent establishing outgoing network connections (col. 2, lines 36-65); 
a security device through which all traffic between the protected network and external networks 
must travel, the security device permitting at least outgoing connections via at least one 
predetermined network protocol (col. 2, lines 36-65); an external proxy server outside the 
protected network and reachable by the proxy agent via. outgoing network connections through 
the security device, the external proxy server also being addressable by at least one external 
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network device, thereby allowing communication between the at least one external network 
device and the at least one internal network device (col 3, line 31-col 4, line$). 

5. As to claim 2, Bakshi teaches the scheme of claim 1 wherein the at least one 
predetermined network protocol is HTTP (col. 3, lines 56-65). 

6. As to claim 3, Bakshi teaches the scheme of claim 1 further including an outgoing proxy 
server in communication with the agent and which the proxy agent used to establish outgoing 
connections (col 2, lines 36-65, the firewall proxy or the transcoding server could be considered 
such an outgoing server). 

7. As to claim 4, Bakshi teaches the scheme of claim 1 wherein the external proxy server is 
in communication with at least one other network, receives, and stores data addressed to the at 
least one internal network device (col. 3, line 31-col. 4, line 5). 

8. As to claim 5, Bakshi teaches the scheme of claim 4, wherein the proxy agent polls the 
external proxy server to check for data addressed to the at least one internal network device (col. 
5, lines 5-45). * 

9. As to claim 6, Bakshi teaches the scheme of claim 5 wherein the proxy agent downloads 
data addressed to the at least one internal network device form the external proxy server and 
forwards the data to the at least one internal network device (col. 4, line 31-col. 5, line 4). 

10. As to claim 7, Bakshi teaches the scheme of claim 4 wherein the external proxy server 
ensures proper cookie routing (col. 3, line 31-col. 4, line 5). 

11. As to claim 8, Bakshi teaches the scheme of claim 1, wherein the proxy agent forwards 
outgoing data to the external proxy server, which transmits the data to the at least one external 
network device (col. 2, lines 36-65). * 
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12. As to claim 9, Bakshi teaches a method of accessing amnternal network device on a 
protected network, the network including a security device, the method comprising: storing data 
addressed to the internal network device in an external proxy server (col. 2, lines 36-65); 
maintaining a proxy agent on the protected network, the proxy agent executing the step of: 
polling the external proxy server for data addressed to the internal network device (col. 4, line 

31 -col. 5, line 4); forwarding to the internal network device any data on the external proxy server 
and addressed to the internal network device (col. 3, line 31 -col. 4, line 5); and forwarding to the 
external proxy server any data addressed to an external device in communication with the 
external proxy server (col. 2, lines 36-65). • 

13. As to claim 13, Bakshi teaches the method of claim 9 further including multiplexing 
multiple requests from the proxy agent to the external proxy server through the same connection 
(col. 4, line 31 -col. 5, line 4). 

Claim Rejections - 35 USC § 103 

14. The following is a quotation of 35 U.S. C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

15. Claims 22-23 are rejected under 35 U.S.C. 103(a) as being unpatentable over U.S. Patent 
Number 6,345,300 to Bakshi et al. in view of U.S. Patent Number 6,510,464 to Grantges, Jr. et 
aL 
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16. As to claim 22, Bakshi teaches the scheme of claim 1, however Bakshi does not explicitly 
teach a scheme for providing network administrators control over the ability to allow and deny 
entry on a per session basis. * 

Grantges teaches a method for providing network administrators control over the system 
including granting administrators the ability to allow and deny entry into the protected network 
on a per session basis (col. 7, line 63-col. 8, line 14). 

It would have been obvious to one of ordinary skill in the Computer >fetworking art at the 
time of the invention to combine the teachings of Bakshi regarding the use of a proxy agent to 
contact an external proxy with the teachings of Grantges regarding control by administrators of 
sessions because such control allows administrators the control user authentication (Grantges, 
col. 7, line 63-col 8, line 14). * 

17. As to claim 23, Grantges teaches a method wherein access is conferred by granting a key 
with a predetermined life span (col. 7, lines 63-col. 8, line 14). 

18. Claims 1 1-12 and 17-18 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
U.S. Patent Number 6,345,300 to Bakshi et al. in view of U.S. Patent Numbef 5,673,322 to Pepe 
etal. 

1 9. As to claim 1 1, Bakshi teaches the method of claim 9; however Bakshi does not explicitly 
teach communicating by the internal network device with the external proxy server using a first 
network protocol and the external network device communicates with the external proxy server 
using a second network protocol. 
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Pepe teaches communicating by the internal network device with the external proxy 
server using a first network protocol and the external network-device communicates with the 
external proxy server using a second network protocol (col. 8, lines 16-25). 

It would have been obvious to one of ordinary skill in the Computer Networking art at the 
time of the invention to combine the teachings of Bakshi regarding the use of a proxy agent to 
contact an external proxy with the teachings of Pepe regardingxommunicating using differing 
protocols between an internal and external device because a user may want to use encryption for 
security reasons (Pepe, col. 8, lines 16-25). 

20. As to claim 12, Pepe teaches a method wherein data addressed to the internal network 
device using the second network protocol is transmitted to theinternal device using the first 
network protocol so that the second network protocol is carried to the internal network device 
inside the first network protocol (col. 8, lines 16-25). 

21. As to claim 17, Bakashi teaches the method of claim 9, however Bakashi does not 
explicitly teach returning a stream of spurious bytes if nothingls pending. 

Pepe teaches a method wherein polling comprises connecting the external proxy server to 
check for pending traffic; returning a stream of spurious bytes ignored by the proxy agent if there 
is nothing pending (col. 8, lines 26-60); immediately transmitting data form the external proxy 
server to the proxy agent when the external proxy server receives data form a client, thus closing 
the connection to flush any buffering performed by intervening proxy servers (col. 8, lines 26- 
60). 

It would have been obvious to one of ordinary skill in the Computer l^etworking art at the 
time of the invention to combine the teachings of Bakshi regarding the use of a proxy agent to 
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contact an external proxy with the teachings of Pepe regarding returning a stream of spurious 
bytes if nothing is pending because such a polling method would improve performance (Pepe, 
col 8, lines 26-60). . .. 

22. As to claim 18, Bakashi teaches the method of claim 9, however BakaShi does not 
explicitly teach a method wherein communication between the proxy agent and the external 
proxy server is encrypted. 

Pepe teaches a method wherein communication between the proxy agent and the external 
proxy server is encrypted (col. 10, lines 29-37). * 

It would have been obvious to one of ordinary skill in the Computer Networking art at the 
time of the invention to combine the teachings of Bakshi regarding the use of a proxy agent to 
contact an external proxy with the teachings of Pepe regarding the use of encryption because 
encryption is commonly used in secure networking (Pepe, col. 10, lines 29-3?). 

23. Claims 19-20 are rejected under 35 U.S.C. 103(a) as being unpatentable over U.S. Patent 
Number 6,345,300 to Bakshi et al. in view of U.S. Patent Number 5,673,322 to Pepe et al. in 
further view of U.S. Patent Number 6,510,464 to Grantges, Jr. et al.: - 

24. As to claim 19, the Bakshi-Pepe combination teaches the scheme of c&im 1, however the 
Bakshi-Pepe combination does not explicitly teach a scheme with encryption using SSL for 
HTTP. 

Grantges teaches a scheme for encryption using SSL for HTTP (col. 4, lines 23-32). 
It would have been obvious to one of ordinary skill in the Computer Networking art at the 
time of the invention to combine the teachings of the Bakshi-Pepe combination regarding the use 
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of a proxy agent to contact an external proxy with the teachings of Grantges regarding the use of 
SSL for HTTP because SSL provides secure and fast messaging (Grantges, col. 4, lines 23-32). 

25. As to claim 20, Grantges teaches a method wherein apcoxy agent and an external proxy 
server require X.509 certificates (col. 6, lines 12-27). 

26. Claim 10 is rejected under 35 U.S.C. 103(a) as being unpatentable over U.S. Patent 
Number 6,345,300 to Bakshi et al. in view of U.S. Patent Number 6,621,827 to Rezvani et al.. 

27. As to claim 10, Bakshi teaches the method of claim 9'; however Bakshi does not explicitly 
teach polling the external proxy server at regular intervals. 

Rezvani teaches polling an external proxy server at regular intervals (col. 15, lines 25- 

37). 

It would have been obvious to one of ordinary skill nrthe Computer Networking art at the 
time of the invention to combine the teachings of Bakshi regarding the use of a proxy agent to 
contact an external proxy with the teachings of Rezvani regarding polling at regular intervals 
because data may be waiting for a client at any time (Rezvani, col. 15, lines 25-37). 

28. Claims 14-16 are rejected under 35 U.S.C. 103(a) as being unpatentable over U.S. Patent 
Number 6,345,300 to Bakshi et al. in view of U.S. Patent Number 5,826,014 to Coley et al.. 

29. As to claim 14, Bakshi teaches the method of claim 9, however Bakshi does not explicitly 
teaching mapping ports to proxy agents. 

Coley teaches a method of maintaining by an extemafproxy server maps between local 
TCP/IP ports of the external proxy server and private IP addresses on a protected network, the 
maps being distinguished by an identity of the proxy agent used to access them (col. 7, lines 35- 
63). 
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It would have been obvious to one of ordinary skill in the Computer fjptworking art at the 
time of the invention to combine the teachings of Bakshi regarding the use of a proxy agent to 
contact an external proxy with the teachings of Coley regarding the mapping of ports to proxy 
agents because mapping a proxy agent to a particular port increases processing efficiency (Coley, 
col. 7, lines 51-54). # 

30. As to claim 15, Coley teaches a method of publishing by each proxy agent a list of 
addresses it can reach to an external proxy server, the external proxy server using this list to 
create a respective map between local ports and proxy agents (col. 9, lines 33-60). 

31 . As to claim 16, Bakshi teaches a method of ensuring cookie delivery ^feol. 3, line 31 -col. . 
4, line 5). 

32. Claim 21 is rejected under 35 U.S.C. 103(a) as being unpatentable over U.S. Patent 
Number 6,345,300 to Bakshi et al. in view of International Application WO 00/68823 by 
Lawrence et aL * 

33. As to claim 21, Bakshi teaches the method of claim 9, however Bakshi does not teach 
rewriting cookies. 

Lawrence teaches a method of rewriting cookies with unique identifiers to prevent 
inadvertent transmission of private information to an incorrect recipient on tht protected network 
(page 2, line 19-page 3, line 7). 

34. It would have been obvious to one of ordinary skill in the Computer Networking art at the 
time of the invention to combine the teachings of Bakshi regarding the use of a proxy agent to 
contact an external proxy with the teachings of Lawrence regarding the rewri#ng of cookies 
because rewriting cookies protects the identifies of surfers (Lawrence, page 1, lines 14-19). 
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Response to Arguments 

35. Applicant's arguments filed 8/9/2005 have been fully considered but they are not 
persuasive. The applicant argues the following points: a) Thejixaminer has not identified a 
proxy agent located inside a protected network addressable by at least one internal network 
device; b) The proxy described by Bakshi is in contrast to the external proxy server recite in 
claim 1 , which is addressable by both the proxy agent and external devices, but initiates contact 
with neither; c) The Examiner has not identified a proxy agentx>r an external proxy server 
reachable by the proxy agent through the firewall; and d) With regard to claim 9, the Examiner 
has not identified maintaining a proxy agent on protected network that polls an external proxy 
server for data addressed t an internal network device. 

36. As to point a), looking at Figure 1, the firewall proxy from the previously cited portion of 
the reference is a proxy agent located inside a protected network addressable by at least one 
internal network device. 

37. As to point b), there is no claim limitation that states that the proxy server does not 
initiate contact with the proxy agent and external devices. Although the claims are interpreted in 
light of the specification, limitations from the specification are not read into the claims. See In 
re Van Geuns, 988 R2d 1 181, 26 USPQ2d 1057 (Fed. Cir. 1993). 

38. As to point c), the software running on the network firewall is considered a proxy agent 
and the network proxy is considered an external proxy serverreachable by the proxy agent. 

39. As to point d), the software on the network firewall relays requests to the http proxy for 
content. The claim language is non-specific to any polling details. 
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Conclusion 

40. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1. 136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filgd within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1. 136(a) will be calculated from the mailing date of the advisory action.^In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

41 . Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Douglas B. Blair whose telephone number is $71-272-3893. The 
examiner can normally be reached on 8:30am-5pm Mon-Fri. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Andrew Caldwell can be reached on 571-272-3868. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-930$, 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



Douglas Blair 





ANDREW CALDWELL 
SUPERVISORY PATENT EXAMINER 



